News & Insights  |  Newsletters

Top Ten Health Care Privacy and Security Developments for 2015

January 2015

It is probably fair to say that the health care industry is constantly in turmoil.  When you factor in multiple large-scale expansions of government health care programs, enormous advances in medicine and technology, rapid evolution of health insurance arrangements, new attention to wellness programs, and individual involvement in health care along with vast arrays of new business combinations between and among health care providers and payers, it is hard to think of the last time when the health care industry hasn't been embroiled in vast chaos.

Even with this ongoing status quo, the developments to look at in 2015 for health care privacy and security stand out.  We have significant possibilities this year of massive new changes in litigation and enforcement, the very real possibility of significant new legislation or regulation that could overhaul some primary elements of the health care privacy universe, and rapid growth in risks related to data security and cybersecurity.  It will be a critical year for lawyers, privacy officers, compliance officials and, increasingly, senior management to pay close attention to the primary “hot topics” for the year ahead in health care privacy and security.

The key developments for 2015 are below.  For a full version of this article, click here.

  • The Implications of Big Data
  • New Litigation Theories for HIPAA Violations
  • Evolving Risk of Cyber-Attacks and Other Data Security Risks
  • HIPAA Audits
  • OCR Changes
  • Lab MD and the FTC
  • Business Associates
  • Health Care Research and De-Identification
  • International Implications
  • The Cloud and Off-Shore Access to On-Shore Medical Records


Privacy and data security will always be interesting and important topics for the health care industry.  Sometimes, these health care companies move away from viewing privacy and security as critical management issues.  For some period (and some companies) prior to HITECH, HIPAA became simply a compliance activity to be implemented by a bureaucratic compliance staff.

Now, with the importance of the big data revolution, the ongoing challenges presented by cyber and data security issues, and the increasing economic concern about potential costs related to large-scale security breaches, privacy and data security is becoming more and more of a front-burner issue for a wide variety of companies.  We can expect these big picture privacy and security issues to remain on the corporate agenda throughout 2015, and can expect that a wide array of interested audiences—including Congress, HHS, the FTC, State AGs, and others—will continue to keep these issues and challenges on the front pages.